
Re: Question about mis-match SA lifetimes



>I would have thought the same.  In fact, it's not clear to me why the
>lifetime value needs to be mentioned in the protocol at all.  If I
>think the SA has lived long enough, I can rekey.  Whether the other
>side is more tolerant seems irrelevant.
>
>To put it differently: consider a hypothetical protocol that was just
>like IKE except that it doesn't exchange this information.  What bad
>properties, if any, would such a protocol have?

What if the peer wants to rekey once every second, and use PFS to
boot?  If you're trying to support hundreds or thousands of SAs, this
can get quite expensive in a hurry, and could be considered a denial-
of-service attack in some circles.  Knowing what the peer's intended
lifetime is can help prevent this, assuming that you're looking for it.

And one corollary to Dan's comments: If you're assuming a lifetime
of eight hours and the peer is assuming one minute, and the peer
for whatever reason only wants to negotiate once (assume here a
device that comes online, performs a transaction then goes away,
and furthermore that its DELETE doesn't make it across), then
you're going to keep all the SA information around for eight hours
because you don't know any better.  Whether or not it's kept on
disk, it still occupies memory that might be better used elsewhere
(again, you could be trying to do hundreds or thousands of SAs).

I'd just as soon keep the lifetimes in the protocol, thanks.

-Shawn Mamros
E-mail to: smamros@BayNetworks.com
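The two failure modes Shawn describes above (a peer that rekeys far too often, and a peer whose SA lingers for the responder's whole eight-hour default because its DELETE was lost) are both handled by keeping the peer's proposed lifetime in the negotiation. The following is an added illustration, not code from the original post or from any IKE implementation: a simplified responder-side SA table that takes min(local, peer-proposed) as the SA's hard lifetime, refuses proposals below a local floor, rate-limits negotiations per peer, and expires SAs on the negotiated lifetime rather than waiting for a DELETE. The class, method and parameter names, the limits and the sample SPIs are all hypothetical.

```python
"""Negotiated SA lifetime bookkeeping (added example; assumptions noted inline).

Model assumed here, not taken from any RFC or product:
  - the responder keeps min(local_lifetime, peer_proposed) as the hard lifetime,
  - proposals shorter than a local floor are rejected outright,
  - each peer may complete at most N negotiations per sliding window,
  - SAs are reaped on their negotiated lifetime even if no DELETE arrives.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class SAEntry:
    spi: int              # hypothetical identifier for the SA
    peer: str             # peer address or identity (constructed)
    lifetime_s: int       # negotiated hard lifetime in seconds
    established_at: float # monotonic timestamp at which the SA came up


class SATable:
    def __init__(self, local_lifetime_s=8 * 3600, min_lifetime_s=30,
                 max_rekeys_per_window=10, window_s=60.0):
        self.local_lifetime_s = local_lifetime_s
        self.min_lifetime_s = min_lifetime_s          # floor against 1-second rekeying
        self.max_rekeys_per_window = max_rekeys_per_window
        self.window_s = window_s
        self.sas = {}                                 # spi -> SAEntry
        self.rekeys = defaultdict(deque)              # peer -> accepted-negotiation times

    def negotiate_lifetime(self, peer_proposed_s):
        """Shorter side wins, so a 1-minute peer never costs us 8 hours of state."""
        return min(self.local_lifetime_s, peer_proposed_s)

    def accept_proposal(self, peer, spi, peer_proposed_s, now):
        """Return (True, negotiated_lifetime) or (False, reason)."""
        if peer_proposed_s < self.min_lifetime_s:
            return False, "proposed lifetime below local floor"
        history = self.rekeys[peer]
        while history and now - history[0] >= self.window_s:   # slide the window
            history.popleft()
        if len(history) >= self.max_rekeys_per_window:
            return False, "rekey rate limit exceeded"
        history.append(now)
        lifetime = self.negotiate_lifetime(peer_proposed_s)
        self.sas[spi] = SAEntry(spi, peer, lifetime, now)
        return True, lifetime

    def delete(self, spi):
        """Peer's DELETE arrived; drop the SA early. Returns True if it existed."""
        return self.sas.pop(spi, None) is not None

    def expire(self, now):
        """Reap SAs whose negotiated lifetime has elapsed; return their SPIs."""
        expired = [spi for spi, sa in self.sas.items()
                   if now >= sa.established_at + sa.lifetime_s]
        for spi in expired:
            del self.sas[spi]
        return expired


if __name__ == "__main__":
    table = SATable()
    # Constructed scenario: a one-shot device proposes a 60 s lifetime and its
    # DELETE never arrives. Without the negotiated value we would hold the SA
    # for the local 8 h default.
    print(table.accept_proposal("10.0.0.7", 0x1001, 60, now=0.0))   # (True, 60)
    print(table.expire(now=60.0))                                   # [4097]
    # A peer asking to rekey every second is refused before any PFS work is done.
    print(table.accept_proposal("10.0.0.9", 0x2002, 1, now=0.0))
```

The rate limit is what keeps a peer with an acceptable-looking lifetime from burning responder CPU by renegotiating anyway; the lifetime floor is cheaper because it rejects the proposal before any Diffie-Hellman exponentiation happens.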


